    #1 Kayz, New Coder (Oct 2011)

    How to add sha1 hash password to LOGIN page

    Hi guys, I have a script which I've been playing around with for over a day now with no luck!

    I can't seem to correctly create a login page to pass the hashed password using (sha1).

    All I want to do is verify the username and the (hashed) password against the database and allow the user in. The script I am using to check login works fine without a hashed password in the database. But ideally I'd like to use a hashed form of password.

    Can somebody show me what change I need to make in this script below in order to pass a sha1 hashed password? I'm guessing it's a really small change from the examples I've seen online, but I just can't seem to get mine to work. :|

    Your help would be much appreciated.

    Login Page PHP:

    PHP Code:
    <form name="login" method="post" action="check_login.php3">
    <p><strong>Secured Area User Log-in</strong></p>
    <p>Username: <input name="bioname" type="text" id="bioname"></p>
    <p>Password: <input name="biopass" type="password" id="biopass"></p>
    <p> </p>
    <p><input type="submit" name="Submit" value="Login"></p>
    </form>
    Check Login Processor (which is the file that needs the sha1 added somewhere, I think)

    PHP Code:
    <?php
    require_once('config.php3');

    // Connect to the server and select the database.
    // (mysql_* functions were removed in PHP 7; this is the 2011 original.)
    mysql_connect("$host", "$username", "$password") or die("cannot connect");
    mysql_select_db("$db") or die("Unable to select database");

    $loginusername = false;
    $loginpassword = false;

    $err = false; // default error message is empty

    // The username and password sent from login.php
    // the isset() basically means if its there get it, otherwise dont bother
    if (isset($_POST['bioname'])) $loginusername = $_POST['bioname'];
    if (isset($_POST['biopass'])) $loginpassword = $_POST['biopass'];

    // if either isnt filled in, tell the user, a very basic bit of validation
    if (!$loginusername || !$loginpassword) $err = "please complete the form";

    if (!$err) // if no error continue
    {
        // The following bit of coding protects from MySQL injection attacks
        $loginusername = stripslashes($loginusername);
        $loginpassword = stripslashes($loginpassword);
        $loginusername = mysql_real_escape_string($loginusername);
        $loginpassword = mysql_real_escape_string($loginpassword);

        // you could add other things like check for text only blah blah
        // (the password is compared as plain text here; nothing is hashed yet)
        $sql = "SELECT * FROM $tbl WHERE bioname='$loginusername' and biopass='$loginpassword'";
        $result = mysql_query($sql);

        // Count how many results were pulled from the table
        $count = mysql_num_rows($result);

        // If the result equals 1, continue
        if ($count == 1)
        {
            session_start();
            $_SESSION['user'] = $loginusername; // store session data
            // please see I have used a session variable that is generic not specific, otherwise you will have to make this page different for every user
            // that would be a pain in the ***, you don't need to have user1 or user2, its the value stored that relevant, not what the variable name is
            header("Location: {$loginusername}/index.php3");
            exit; // stop here; a redirect header does not end the script by itself
        }
        else
        {
            $err = "Wrong Username or Password";
        }
    }
    // end login if statement

    if ($err) // show error message if there is one
    {
        echo $err;
        echo "<br>Please go back in your browser and try again";
    }
    ?>

    The secure page:

    PHP Code:
    <?php
    session_start();

    // no session user at all means nobody has logged in: send them to the login page
    if (!isset($_SESSION['user']) || $_SESSION['user'] === '') {
        session_destroy();
        header("Location: ../login.php3");
        die();
    }

    // the script path, e.g. /something/test2/index.php3
    // $_SERVER['REQUEST_URI'] (used originally) also contains the query string, so a visitor
    // could append ?/test/ to any URL and satisfy a substring check; SCRIPT_NAME does not.
    $mypath = $_SERVER["SCRIPT_NAME"];
    //echo $mypath; // for debugging
    // now we have the path lets see if the username is in that path, i.e. test2 is inside /something/test2/index.php
    // use the built in strpos() function, which returns the position of the first occurrence of the string you are
    // looking for inside another string, or false if it is not there (so compare with !== false, position 0 is valid)
    // http://php.net/manual/en/function.strpos.php

    if (strpos($mypath, "/" . $_SESSION['user'] . "/") !== false) // on testing it failed initially as username test is found in path /test2/ so i added the slashes to stop that. so /test/ doesnt get found in /test2/
    {
        echo "congratulations you are the right person in the right place";
    }
    else
    {
        session_destroy(); // kill the session, naughty person trying to come here
        header("Location: ../login.php3");
        die();
        // stop page executing any further
    }

    ?>

    <html>
    <body>


    </body>
    </html>

    Thanks and i look forward to your replies.

  • #2 Inigoesdr, Super Moderator (Florida, USA)
    PHP Code:
    $loginpassword = sha1($loginpassword);
    Boom.
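As an added example (not Inigoesdr's one-liner and not Kayz's posted script): the check_login.php3 from the first post with that sha1 step in place, rewritten the way a reviewer would want it. It assumes, as the original does, that config.php3 defines $host, $username, $password, $db and $tbl, and that the biopass column holds the hex output of sha1() over the password exactly as submitted, which is what the class_user.php posted later in this thread writes. The two details that most often produce "doesn't work" are marked in the comments: the hash has to be computed on the raw password before any escaping or sanitising touches it, and the comparison has to be strict and constant-time. The mysql_* functions are replaced by a mysqli prepared statement, so this needs PHP 5.6 or later (for hash_equals()).

```php
<?php
// check_login.php3, hardened. Same form fields (bioname/biopass) and the
// same users table as the thread; $host, $username, $password, $db, $tbl
// are assumed to come from config.php3 exactly as in the original post.
declare(strict_types=1);
require_once 'config.php3';

session_start();

$loginusername = isset($_POST['bioname']) ? (string) $_POST['bioname'] : '';
$loginpassword = isset($_POST['biopass']) ? (string) $_POST['biopass'] : '';

if ($loginusername === '' || $loginpassword === '') {
    exit('please complete the form');
}

// 1. Hash the password exactly as submitted, BEFORE any escaping.
//    The stored value was produced by sha1($_POST['biopass']) on the raw
//    input; running stripslashes()/mysql_real_escape_string() first rewrites
//    quotes and backslashes, so for such passwords the two hashes differ.
$entered_hash = sha1($loginpassword);

// 2. Look the user up by name only, with a bound parameter. The password
//    check happens in PHP, not in SQL, so neither field can alter the query.
$mysqli = new mysqli($host, $username, $password, $db);
if ($mysqli->connect_error) {
    exit('cannot connect');
}
$stmt = $mysqli->prepare("SELECT biopass FROM `$tbl` WHERE bioname = ? LIMIT 1");
$stmt->bind_param('s', $loginusername);
$stmt->execute();
$stmt->bind_result($stored_hash);
$found = $stmt->fetch();
$stmt->close();

// 3. Strict, constant-time comparison. A plain == would treat two digests
//    that both look like "0e<digits>" as the number zero and call them equal.
if (!$found || !hash_equals((string) $stored_hash, $entered_hash)) {
    exit('Wrong Username or Password');
}

// 4. New session id on login (prevents session fixation), store the user,
//    redirect, and stop executing.
session_regenerate_id(true);
$_SESSION['user'] = $loginusername;
header('Location: ' . rawurlencode($loginusername) . '/index.php3');
exit;
```

A quick way to confirm the stored format before blaming the login script: pick a test account with a known password and check that its biopass value is 40 lowercase hex characters equal to sha1() of that password; if the column is shorter than 40 characters the hash was truncated on insert and will never match.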

  • #3 Kayz
    Quote Originally Posted by Inigoesdr:
        $loginpassword = sha1($loginpassword);
        Boom.
    Crank

    Doesn't work

    I could be placing it in the wrong place. Could you also give me one with salt? I think the passwords are salted... or that doesn't matter?

  • #4 Inigoesdr, Super Moderator
    Quote Originally Posted by Kayz:
        Crank

        Doesn't work
    You're going to have to put forth some effort with the debugging process. We can't tell you what is wrong when you provide no feedback whatsoever.
    Quote Originally Posted by Kayz:
        I think the passwords are salted... or that doesn't matter?
    It does matter, and there are many ways to salt a password so you have to be more specific if you want an example.

  • #5 Kayz
    Quote Originally Posted by Inigoesdr:
        You're going to have to put forth some effort with the debugging process. We can't tell you what is wrong when you provide no feedback whatsoever.

        It does matter, and there are many ways to salt a password so you have to be more specific if you want an example.
    Apologies, well I've tried various methods and have practically spent an entire weekend trying to get this to work. After placing the snippets it simply doesn't log in because my passwords in the database are hashed. I tried with plain text passwords and my script works fine. So it's just the SHA1 encryption which I'm trying to pass through my login script, that's all.


    I am using my own login script to log into another system script which is a 'user management' system (this works fine).

    Now I discovered this is the hash that is being used.

    PHP Code:
    $code = '';
    for ($x = 0; $x < 6; $x++) {
        $code .= '-' . substr(strtoupper(sha1(rand(0, 999999999999999))), 2, 6);
    }
    $code = substr($code, 1);
    return $code;

    So I'm trying to log into the system using my 'own' login script, which I'm trying to get to work and validate the user according to sha1 and the values above? (I hope I'm making sense!)

    Cheers


  • #6 Dormilich, Senior Coder
    Quote Originally Posted by Kayz:
        I tried with plain text passwords and my script works fine.
    if you can login without hashing, doesn’t that mean the passwords ain’t hashed?
    The computer is always right. The computer is always right. The computer is always right. Take it from someone who has programmed for over ten years: not once has the computational mechanism of the machine malfunctioned.
    André Behrens, NY Times Software Developer

  • #7 Kayz
    Quote Originally Posted by Dormilich:
        if you can login without hashing, doesn’t that mean the passwords ain’t hashed?
    Yes, to test the script I set a password to plain text, which worked. Now the passwords are hashed, hence I'm trying to implement the sha1 hash to pass at login.

  • #8 Dormilich, Senior Coder
    unless you know exactly how the passwords were hashed, there is no way to find that out by trying in PHP.

  • #9 Kayz
    Quote Originally Posted by Dormilich:
        unless you know exactly how the passwords were hashed, there is no way to find that out by trying in PHP.
    I have the script, the snippet of hash code I've provided above.

    I believe this to be the full code...

    functions.php

    PHP Code:
    <?php
    if (!defined("_VALID_PHP"))
        die('Direct access to this location is not allowed.');

    /**
     * redirect_to()
     *
     * @param mixed $location
     * @return
     */
    function redirect_to($location)
    {
        if (!headers_sent()) {
            header('Location: ' . $location);
            exit;
        } else {
            // headers already sent: fall back to a client-side redirect
            echo '<script type="text/javascript">';
            echo 'window.location.href="' . $location . '";';
            echo '</script>';
            echo '<noscript>';
            echo '<meta http-equiv="refresh" content="0;url=' . $location . '" />';
            echo '</noscript>';
        }
    }

    /**
     * countEntries()
     *
     * @param mixed $table
     * @param string $where
     * @param string $what
     * @return
     */
    function countEntries($table, $where = '', $what = '')
    {
        global $db;
        // $where and $what are interpolated unescaped; callers must pass trusted values
        if (!empty($where) && isset($what)) {
            $q = "SELECT COUNT(*) FROM " . $table . "  WHERE " . $where . " = '" . $what . "' LIMIT 1";
        } else {
            $q = "SELECT COUNT(*) FROM " . $table . " LIMIT 1";
        }

        $record = $db->query($q);
        $total = $db->fetchrow($record);
        return $total[0];
    }

    /**
     * getChecked()
     *
     * @param mixed $row
     * @param mixed $status
     * @return
     */
    function getChecked($row, $status)
    {
        if ($row == $status) {
            echo "checked=\"checked\"";
        }
    }

    /**
     * post()
     *
     * @param mixed $var
     * @return
     */
    function post($var)
    {
        if (isset($_POST[$var]))
            return $_POST[$var];
    }

    /**
     * get()
     *
     * @param mixed $var
     * @return
     */
    function get($var)
    {
        if (isset($_GET[$var]))
            return $_GET[$var];
    }

    /**
     * sanitize()
     *
     * @param mixed $string
     * @param bool $trim
     * @return
     */
    function sanitize($string, $trim = false, $int = false, $str = false)
    {
        // FILTER_SANITIZE_STRING strips tags and HTML-encodes single and double quotes,
        // so the returned value is not byte-for-byte the input (matters if it is hashed later)
        $string = filter_var($string, FILTER_SANITIZE_STRING);
        $string = trim($string);
        $string = stripslashes($string);
        $string = strip_tags($string);
        $string = str_replace(array('‘', '’', '“', '”'), array("'", "'", '"', '"'), $string);

        if ($trim)
            $string = substr($string, 0, $trim);
        if ($int)
            $string = preg_replace("/[^0-9\s]/", "", $string);
        if ($str)
            $string = preg_replace("/[^a-zA-Z\s]/", "", $string);

        return $string;
    }

    /**
     * getValue()
     *
     * @param mixed $what
     * @param mixed $table
     * @param mixed $where
     * @return
     */
    function getValue($what, $table, $where)
    {
        global $db;
        $sql = "SELECT $what FROM $table WHERE $where";
        $row = $db->first($sql);
        return $row[$what];
    }

    /**
     * tooltip()
     *
     * @param mixed $tip
     * @return
     */
    function tooltip($tip)
    {
        return '<img src="' . SITEURL . '/images/tooltip.png" alt="Tip" class="tooltip" title="' . $tip . '" />';
    }

    /**
     * required()
     *
     * @return
     */
    function required()
    {
        return '<img src="' . SITEURL . '/images/required.png" alt="Required Field" class="tooltip" title="Required Field" />';
    }

    /**
     * cleanOut()
     *
     * @param mixed $text
     * @return
     */
    function cleanOut($text) {
        // double quotes so \r and \n are real line-break characters, not a backslash and a letter
        $text = strtr($text, array("\r\n" => "", "\r" => "", "\n" => ""));
        $text = html_entity_decode($text, ENT_QUOTES, 'UTF-8');
        $text = str_replace('<br>', '<br />', $text);
        return stripslashes($text);
    }

    /**
     * isAdmin()
     *
     * @param mixed $userlevel
     * @return
     */
    function isAdmin($userlevel)
    {
        $display = ''; // a level with no icon returns an empty string instead of an undefined variable
        switch ($userlevel) {
            case 9:
                $display = '<img src="' . SITEURL . '/images/superadmin.png" alt="" class="tooltip" title="Super Admin"/>';
                break;

            case 7:
                $display = '<img src="' . SITEURL . '/images/level7.png" alt="" class="tooltip" title="User Level 7"/>';
                break;

            case 6:
                $display = '<img src="' . SITEURL . '/images/level6.png" alt="" class="tooltip" title="User Level 6"/>';
                break;

            case 5:
                $display = '<img src="' . SITEURL . '/images/level5.png" alt="" class="tooltip" title="User Level 5"/>';
                break;

            case 4:
                $display = '<img src="' . SITEURL . '/images/level4.png" alt="" class="tooltip" title="User Level 4"/>';
                break;

            case 3:
                $display = '<img src="' . SITEURL . '/images/level6.png" alt="" class="tooltip" title="User Level 3"/>';
                break;

            case 2:
                $display = '<img src="' . SITEURL . '/images/level5.png" alt="" class="tooltip" title="User Level 2"/>';
                break;

            case 1:
                $display = '<img src="' . SITEURL . '/images/user.png" alt="" class="tooltip" title="User"/>';
                break;
        }

        return $display;
    }

    /**
     * userStatus()
     *
     * @param mixed $status
     * @return
     */
    function userStatus($status)
    {
        $display = '';
        switch ($status) {
            case "y":
                $display = '<img src="' . SITEURL . '/images/u_active.png" alt="" class="tooltip" title="User Active"/>';
                break;

            case "n":
                $display = '<img src="' . SITEURL . '/images/u_inactive.png" alt="" class="tooltip" title="User Inactive"/>';
                break;

            case "t":
                $display = '<img src="' . SITEURL . '/images/u_pending.png" alt="" class="tooltip" title="User Pending"/>';
                break;

            case "b":
                $display = '<img src="' . SITEURL . '/images/u_banned.png" alt="" class="tooltip" title="User Banned"/>';
                break;
        }

        return $display;
    }

    /**
     * isActive()
     *
     * @param mixed $id
     * @return
     */
    function isActive($id)
    {
        if ($id == 1) {
            $display = '<img src="' . SITEURL . '/images/yes.png" alt="" class="tooltip img-wrap2" title="Active"/>';
        } else {
            $display = '<img src="' . SITEURL . '/images/no.png" alt="" class="tooltip img-wrap2" title="Inactive"/>';
        }

        return $display;
    }

    /**
     * barHeight()
     *
     * @param mixed $total
     * @return
     */
    function barHeight($total)
    {
        // switch (true) so that each case expression is evaluated as a condition;
        // switch ($total) would compare the number loosely against true/false
        switch (true) {
            case ($total <= 10):
                print 10;
                break;
            case ($total >= 10 && $total <= 50):
                print 20;
                break;
            case ($total >= 50 && $total <= 100):
                print 30;
                break;
            case ($total >= 100 && $total <= 200):
                print 40;
                break;
            case ($total >= 200 && $total <= 300):
                print 50;
                break;
            case ($total >= 300 && $total <= 500):
                print 60;
                break;
            case ($total >= 500 && $total <= 700):
                print 70;
                break;
            case ($total >= 700 && $total <= 900):
                print 80;
                break;
            case ($total >= 900 && $total <= 1000):
                print 90;
                break;
            case ($total >= 1000 && $total < 3000):
                print 99;
                break;
        }
    }

    /**
     * randName()
     *
     * @return
     */
    function randName() {
        // random upper-case token, six groups of six hex characters; not a password hash
        $code = '';
        for ($x = 0; $x < 6; $x++) {
            $code .= '-' . substr(strtoupper(sha1(rand(0, 999999999999999))), 2, 6);
        }
        $code = substr($code, 1);
        return $code;
    }
    ?>
    Last edited by Kayz; 10-24-2011 at 02:42 PM.

  • #10 Kayz
    The next script is too long for the forum, so I will post it in two different posts. This is one file.


    Also this script:


    class_user.php - Part 1

    PHP Code:
    <?php

      
      
    if (!defined("_VALID_PHP"))
          die(
    'Direct access to this location is not allowed.');

      class 
    Users
      
    {
          private 
    $uTable "users";
          public 
    $logged_in null;
          public 
    $uid 0;
          public 
    $userid 0;
          public 
    $username;
          public 
    $email;
          public 
    $name;
          public 
    $bioname;
          public 
    $membership_id 0;
          public 
    $userlevel;
          private 
    $lastlogin "NOW()";
          

          
    /**
           * Users::__construct()
           * 
           * @return
           */
          
    function __construct()
          {
              
    $this->getUserId();
              
    $this->startSession();
          }

          
    /**
           * Users::getUserId()
           * 
           * @return
           */
          
    private function getUserId()
          {
                global 
    $core;
              if (isset(
    $_GET['userid'])) {
                  
    $userid = (is_numeric($_GET['userid']) && $_GET['userid'] > -1) ? intval($_GET['userid']) : false;
                  
    $userid sanitize($userid);
                  
                  if (
    $userid == false) {
                      
    $core->error("You have selected an Invalid Userid","Users::getUserId()");
                  } else
                      return 
    $this->userid $userid;
              }
          }  

          
    /**
           * Users::startSession()
           * 
           * @return
           */
          
    private function startSession()
          {
            
    session_start();
            
    $this->logged_in $this->loginCheck();
            
            if (!
    $this->logged_in) {
                
    $this->username $_SESSION['username'] = "Guest";
                
    $this->userlevel 0;
            }
          }

          
    /**
           * Users::loginCheck()
           * 
           * @return
           */
          
    private function loginCheck()
          {
              if (isset(
    $_SESSION['username']) && $_SESSION['username'] != "Guest") {
                  
                  
    $row $this->getUserInfo($_SESSION['username']);
                  
    $this->uid $row['id'];
                  
    $this->username $row['username'];
                  
    $this->email $row['email'];
                  
    $this->name $row['fname'].' '.$row['lname'];
                  
    $this->bioname $row['bioname'];
                  
    $this->userlevel $row['userlevel'];
                  
    $this->membership_id $row['membership_id'];
                  return 
    true;
              } else {
                  return 
    false;
              }  
          }

          
    /**
           * Users::is_Admin()
           * 
           * @return
           */
          
    public function is_Admin()
          {
              return(
    $this->userlevel == 9);
          
          }    

          
    /**
           * Users::login()
           * 
           * @param mixed $username
           * @param mixed $pass
           * @return
           */
          
    public function login($username$pass)
          {
              global 
    $db$core;

              if (
    $username == "" && $pass == "") {
                  
    $core->msgs['username'] = 'Please enter valid username and password.';
              } else {
                  
    $status $this->checkStatus($username$pass);
                  
                  switch (
    $status) {
                      case 
    0:
                          
    $core->msgs['username'] = 'Login and/or password did not match to the database.';
                          break;
                          
                      case 
    1:
                          
    $core->msgs['username'] = 'Your account has been banned.';
                          break;
                          
                      case 
    2:
                          
    $core->msgs['username'] = 'Your account it\'s not activated.';
                          break;
                          
                      case 
    3:
                          
    $core->msgs['username'] = 'You need to verify your email address.';
                          break;
                  }
              }
              if (empty(
    $core->msgs) && $status == 5) {
                  
    $row $this->getUserInfo($username);
                  
    $this->uid $_SESSION['userid'] = $row['id'];
                  
    $this->username $_SESSION['username'] = $row['username'];
                  
    $this->email $_SESSION['email'] = $row['email'];
                  
    $this->name $_SESSION['userlevel'] = $row['userlevel'];
                  
    $this->userlevel $_SESSION['userlevel'] = $row['userlevel'];
                  
    $this->bioname $_SESSION['bioname'] = $row['bioname'];
                  
    $this->membership_id $_SESSION['membership_id'] = $row['membership_id'];

                  
    $data = array(
                        
    'lastlogin' => $this->lastlogin
                        
    'lastip' => sanitize($_SERVER['REMOTE_ADDR'])
                  );
                  
    $db->update($this->uTable$data"username='" $this->username "'");
                  if(!
    $this->validateMembership()) {
                    
    $data = array(
                          
    'membership_id' => 0
                          
    'mem_expire' => "0000-00-00 00:00:00"
                    
    );
                    
    $db->update($this->uTable$data"username='" $this->username "'");
                  }
                      
                  return 
    true;
              } else
                  
    $core->msgStatus();
          }

          
    /**
           * Users::logout()
           * 
           * @return
           */
          
    public function logout()
          {
              unset(
    $_SESSION['username']);
              unset(
    $_SESSION['email']);
              unset(
    $_SESSION['name']);
              unset(
    $_SESSION['membership_id']);
              unset(
    $_SESSION['userid']);
              
    session_destroy();
              
    session_regenerate_id();
              
              
    $this->logged_in false;
              
    $this->username "Guest";
              
    $this->userlevel 0;
          }

          
    /**
           * Users::getUserInfo()
           * 
           * @param mixed $username
           * @return
           */
          
    private function getUserInfo($username)
          {
              global 
    $db;
              
    $username sanitize($username);
              
    $username $db->escape($username);
              
              
    $sql "SELECT * FROM " $this->uTable " WHERE username = '" $username "'";
              
    $row $db->first($sql);
              if (!
    $username)
                  return 
    false;
              
              return (
    $row) ? $row 0;
          }

          
    /**
           * Users::checkStatus()
           * 
           * @param mixed $username
           * @param mixed $pass
           * @return
           */
          
    public function checkStatus($username$pass)
          {
              global 
    $db;
              
              
    $username sanitize($username);
              
    $username $db->escape($username);
              
    $pass sanitize($pass);
              
              
    $sql "SELECT password, active FROM " $this->uTable
              
    "\n WHERE username = '".$username."'";
              
    $result $db->query($sql);
              
              if (
    $db->numrows($result) == 0)
                  return 
    0;
                  
              
    $row $db->fetch($result);
              
    $entered_pass sha1($pass);
              
              switch (
    $row['active']) {
                  case 
    "b":
                      return 
    1;
                      break;
                      
                  case 
    "n":
                      return 
    2;
                      break;
                      
                  case 
    "t":
                      return 
    3;
                      break;
                      
                  case 
    "y" && $entered_pass == $row['password']:
                      return 
    5;
                      break;
              }
          }

          
    /**
           * Users::getUsers()
           * 
           * @param bool $from
           * @return
           */
          
    public function getUsers($from false)
          {
              global 
    $db$pager$core;
              
              require_once(
    BASEPATH "lib/class_paginate.php");
              
    $pager = new Paginator();
              
              
    $counter countEntries($this->uTable);
              
    $pager->items_total $counter;
              
    $pager->default_ipp $core->perpage;
              
    $pager->paginate();
              
              if (
    $counter == 0) {
                  
    $pager->limit null;
              }

              if (isset(
    $_GET['sort'])) {
                  list(
    $sort$order) = explode("-"$_GET['sort']);
                  
    $sort sanitize($sort);
                  
    $order sanitize($order);
                  if (
    in_array($sort, array("username""fname""lname""email""created"))) {
                      
    $ord = ($order == 'DESC') ? " DESC" " ASC";
                      
    $sorting " u." $sort $ord;
                  } else {
                      
    $sorting " u.created DESC";
                  }
              } else {
                  
    $sorting " u.created DESC";
              }
              
              
    $clause = (isset($clause)) ? $clause null;
              
              if (isset(
    $_POST['fromdate']) && $_POST['fromdate'] <> "" || isset($from) && $from != '') {
                  
    $enddate date("Y-m-d");
                  
    $fromdate = (empty($from)) ? $_POST['fromdate'] : $from;
                  if (isset(
    $_POST['enddate']) && $_POST['enddate'] <> "") {
                      
    $enddate $_POST['enddate'];
                  }
                  
    $clause .= " WHERE u.created BETWEEN '" trim($fromdate) . "' AND '" trim($enddate) . " 23:59:59'";
              } 
              
              
    $sql "SELECT u.*, CONCAT(u.fname,' ',u.lname) as name, m.title, m.id as mid,"
              
    "\n DATE_FORMAT(u.created, '%d. %b. %Y.') as cdate,"
              
    "\n DATE_FORMAT(u.lastlogin, '%d. %b. %Y.') as adate"
              
    "\n FROM " $this->uTable " as u"
              
    "\n LEFT JOIN memberships as m ON m.id = u.membership_id" 
              
    "\n " $clause
              
    "\n ORDER BY " $sorting $pager->limit;
              
    $row $db->fetch_all($sql);
              
              return (
    $row) ? $row 0;
          }

          
    /**
     * Users::processUser()
     * Admin-side add/edit of a user record: updates when $this->userid is set,
     * otherwise inserts a new row. Both passwords are stored as bare sha1() digests.
     *
     * @return
     */
    public function processUser()
    {
        global $db, $core;

        if (!$this->userid) {
            if (empty($_POST['username']))
                $core->msgs['username'] = 'Please Enter Valid Username';

            if ($value = $this->usernameExists($_POST['username'])) {
                if ($value == 1)
                    $core->msgs['username'] = 'Username Is Too Short (less Than 4 Characters Long).';
                if ($value == 2)
                    $core->msgs['username'] = 'Invalid Characters Found In Username.';
                if ($value == 3)
                    $core->msgs['username'] = 'Sorry, This Username Is Already Taken';
            }
        }

        if (empty($_POST['fname']))
            $core->msgs['fname'] = 'Please Enter First Name';

        if (empty($_POST['lname']))
            $core->msgs['lname'] = 'Please Enter Last Name';

        if (!$this->userid) {
            if (empty($_POST['password']))
                $core->msgs['password'] = 'Please Enter Valid Password.';

            if (empty($_POST['bioname']))
                $core->msgs['bioname'] = 'Please Enter Bio Name';
        }

        if (empty($_POST['email']))
            $core->msgs['email'] = 'Please Enter Valid Email Address';
        if (!$this->userid) {
            if ($this->emailExists($_POST['email']))
                $core->msgs['email'] = 'Entered Email Address Is Already In Use.';
        }
        if (!$this->isValidEmail($_POST['email']))
            $core->msgs['email'] = 'Entered Email Address Is Not Valid.';

        if (empty($core->msgs)) {

            $data = array(
                'username' => sanitize($_POST['username']),
                'email' => sanitize($_POST['email']),
                'lname' => sanitize($_POST['lname']),
                'fname' => sanitize($_POST['fname']),
                'bioname' => sanitize($_POST['bioname']),
                'membership_id' => intval($_POST['membership_id']),
                'mem_expire' => $this->calculateDays($_POST['membership_id']),
                'newsletter' => intval($_POST['newsletter']),
                'userlevel' => intval($_POST['userlevel']),
                'active' => sanitize($_POST['active'])
            );

            if (!$this->userid)
                $data['created'] = "NOW()";

            if ($this->userid)
                $userrow = $core->getRowById($this->uTable, $this->userid);

            // An empty password field on edit keeps the stored hash.
            // sha1() here is unsalted and fast to brute-force; password_hash()
            // is the stronger choice if the login check is changed to match.
            if ($_POST['password'] != "") {
                $data['password'] = sha1($_POST['password']);
            } else {
                $data['password'] = $userrow['password'];
            }

            if ($_POST['biopass'] != "") {
                $data['biopass'] = sha1($_POST['biopass']);
            } else {
                $data['biopass'] = $userrow['biopass'];
            }

            // Start Avatar Upload
            include(BASEPATH . "lib/class_imageUpload.php");
            include(BASEPATH . "lib/class_imageResize.php");

            // The extension is taken from the client-supplied file name as-is;
            // it is not checked against an allow-list before the file is saved.
            $newName = "IMG_" . randName();
            $ext = substr($_FILES['avatar']['name'], strrpos($_FILES['avatar']['name'], '.') + 1);
            $name = $newName . "." . strtolower($ext);

            $als = new Upload();
            $als->File = $_FILES['avatar'];
            $als->method = 1;
            $als->SavePath = UPLOADS;
            $als->NewWidth = $core->thumb_w;
            $als->NewHeight = $core->thumb_h;
            $als->NewName = $newName;
            $als->OverWrite = true;
            $err = $als->UploadFile();

            if ($this->userid) {
                $avatar = getValue("avatar", $this->uTable, "id = '" . $this->userid . "'");
                if (!empty($_FILES['avatar']['name'])) {
                    if ($avatar) {
                        @unlink($als->SavePath . $avatar);
                    }
                    $data['avatar'] = $name;
                } else {
                    $data['avatar'] = $avatar;
                }
            } else {
                if (!empty($_FILES['avatar']['name']))
                    $data['avatar'] = $name;
            }

            if (count($err) > 0 and is_array($err)) {
                foreach ($err as $key => $val) {
                    $core->msgError($val, false);
                }
            }

            ($this->userid) ? $db->update($this->uTable, $data, "id='" . (int)$this->userid . "'") : $db->insert($this->uTable, $data);
            $message = ($this->userid) ? '<span>Success!</span>User updated successfully!' : '<span>Success!</span>User added successfully!';

            if ($db->affected()) {
                $core->msgOk($message);

                if (isset($_POST['notify']) && intval($_POST['notify']) == 1) {

                    require_once(BASEPATH . "lib/class_mailer.php");
                    $mailer = $mail->sendMail();

                    $row = $core->getRowById("email_templates", 3);

                    // Note: both plaintext passwords are placed in the notification e-mail body.
                    $body = str_replace(array('[USERNAME]', '[PASSWORD]', '[BIONAME]', '[BIOPASS]', '[NAME]', '[SITE_NAME]', '[URL]'),
                        array($data['username'], $_POST['password'], $_POST['bioname'], $_POST['biopass'], $data['fname'] . ' ' . $data['lname'], $core->site_name, $core->site_url), $row['body']);

                    $message = Swift_Message::newInstance()
                        ->setSubject($row['subject'])
                        ->setTo(array($data['email'] => $data['fname'] . ' ' . $data['lname']))
                        ->setFrom(array($core->site_email => $core->site_name))
                        ->setBody(cleanOut($body), 'text/html');

                    $mailer->send($message);
                }
            } else
                $core->msgAlert('<span>Alert!</span>Nothing to process.');
        } else
            print $core->msgStatus();
    }

    /**
     * Users::updateProfile()
     * Self-service profile edit for the logged-in user ($this->uid).
     * (In the pasted file the tail of processUser() above appeared after this
     * method's validation block; the two methods are shown contiguous here.)
     *
     * @return
     */
    public function updateProfile()
    {
        global $db, $core;

        if (empty($_POST['fname']))
            $core->msgs['fname'] = 'Please Enter First Name';

        if (empty($_POST['lname']))
            $core->msgs['lname'] = 'Please Enter Last Name';

        if (empty($_POST['bioname']))
            $core->msgs['bioname'] = 'Please Enter Bio Name';

        if (empty($_POST['email']))
            $core->msgs['email'] = 'Please Enter Valid Email Address';

        if (!$this->isValidEmail($_POST['email']))
            $core->msgs['email'] = 'Entered Email Address Is Not Valid.';

        if (empty($core->msgs)) {

            $data = array(
                'email' => sanitize($_POST['email']),
                'bioname' => sanitize($_POST['bioname']),
                'lname' => sanitize($_POST['lname']),
                'fname' => sanitize($_POST['fname']),
                'newsletter' => intval($_POST['newsletter'])
            );

            $userpass = getValue("password", $this->uTable, "id = '" . $this->uid . "'");

            if ($_POST['password'] != "") {
                $data['password'] = sha1($_POST['password']);
            } else
                $data['password'] = $userpass;

            $biopass = getValue("biopass", $this->uTable, "id = '" . $this->uid . "'");

            if ($_POST['biopass'] != "") {
                $data['biopass'] = sha1($_POST['biopass']);
            } else
                $data['biopass'] = $biopass;

            // updateProfile() continues in Part 2 (avatar upload and the UPDATE)
    Last edited by Kayz; 10-24-2011 at 02:43 PM.
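The login-side check the thread is asking for, written against the storage scheme visible in the class above (biopass holds sha1() of the submitted password, active is 'y'/'n'/'t'). This is an added example, not the thread author's code; it assumes PDO instead of the old mysql_* functions, a table named users, and a hypothetical helper verifyLogin().

```php
<?php
// Added example, not part of the thread's class_user.php: verify a login
// against rows that register()/processUser() wrote (biopass = sha1(password)).
// Assumptions (not from the thread): PDO connection, table named users,
// hypothetical helper verifyLogin() returning the row on success, null otherwise.

function verifyLogin(PDO $pdo, string $bioname, string $biopass): ?array
{
    // Bound parameter instead of string concatenation, so the submitted
    // name never becomes part of the SQL text.
    $stmt = $pdo->prepare(
        'SELECT id, username, bioname, biopass, active FROM users WHERE bioname = :b LIMIT 1'
    );
    $stmt->execute([':b' => $bioname]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Unknown user, wrong password and inactive account all return the same
    // answer, so the form does not reveal which names exist.
    if (!$row || $row['active'] !== 'y') {
        return null;
    }

    $stored = $row['biopass'];
    if (strlen($stored) === 40 && ctype_xdigit($stored)) {
        // Legacy row written by the class: bare sha1() hex digest. Compare in
        // constant time; unsalted sha1 is fast to brute-force, so a matching
        // row is re-hashed with password_hash() below.
        $ok = hash_equals($stored, sha1($biopass));
        $rehash = $ok;
    } else {
        // Row already migrated to password_hash() output.
        $ok = password_verify($biopass, $stored);
        $rehash = $ok && password_needs_rehash($stored, PASSWORD_DEFAULT);
    }
    if (!$ok) {
        return null;
    }

    if ($rehash) {
        $upd = $pdo->prepare('UPDATE users SET biopass = :h WHERE id = :id');
        $upd->execute([':h' => password_hash($biopass, PASSWORD_DEFAULT), ':id' => $row['id']]);
    }

    unset($row['biopass']);   // never hand the hash back to the caller
    return $row;
}

// Self-contained demo on an in-memory SQLite database with constructed data:
// one row stored exactly as register() would store it.
function demo(): bool
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, bioname TEXT, biopass TEXT, active TEXT)');
    $pdo->prepare('INSERT INTO users (username, bioname, biopass, active) VALUES (?, ?, ?, ?)')
        ->execute(['alice', 'alice-bio', sha1('correct horse'), 'y']);

    $ok      = verifyLogin($pdo, 'alice-bio', 'correct horse');   // legacy sha1 row matches
    $wrong   = verifyLogin($pdo, 'alice-bio', 'wrong');           // bad password -> null
    $missing = verifyLogin($pdo, 'nobody', 'correct horse');      // unknown user -> null

    // After the first success the stored value is password_hash() output ("$2y$...")
    $now = $pdo->query("SELECT biopass FROM users WHERE bioname = 'alice-bio'")->fetchColumn();
    $migrated = strpos($now, '$') === 0;
    // ...and the migrated row still verifies.
    $again = verifyLogin($pdo, 'alice-bio', 'correct horse');

    return $ok !== null && $wrong === null && $missing === null && $migrated && $again !== null;
}

echo demo() ? "login check OK\n" : "login check FAILED\n";
```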

  • #11
    New Coder
    Join Date
    Oct 2011
    Posts
    10
    Thanks
    0
    Thanked 1 Time in 1 Post
    Continued.

    class_user.php - Part 2


    PHP Code:

                  
            // Start Avatar Upload
            include(BASEPATH . "lib/class_imageUpload.php");
            include(BASEPATH . "lib/class_imageResize.php");

            // Extension comes from the client-supplied file name and is not
            // checked against an allow-list before saving.
            $newName = "IMG_" . randName();
            $ext = substr($_FILES['avatar']['name'], strrpos($_FILES['avatar']['name'], '.') + 1);
            $name = $newName . "." . strtolower($ext);

            $als = new Upload();
            $als->File = $_FILES['avatar'];
            $als->method = 1;
            $als->SavePath = UPLOADS;
            $als->NewWidth = $core->thumb_w;
            $als->NewHeight = $core->thumb_h;
            $als->NewName = $newName;
            $als->OverWrite = true;
            $err = $als->UploadFile();

            $avatar = getValue("avatar", $this->uTable, "id = '" . $this->uid . "'");
            if (!empty($_FILES['avatar']['name'])) {
                if ($avatar) {
                    @unlink($als->SavePath . $avatar);
                }
                $data['avatar'] = $name;
            } else {
                $data['avatar'] = $avatar;
            }

            if (count($err) > 0 and is_array($err)) {
                foreach ($err as $key => $val) {
                    $core->msgError($val, false);
                }
            }

            $db->update($this->uTable, $data, "id='" . (int)$this->uid . "'");

            ($db->affected()) ? $core->msgOk('<span>Success!</span> You have successfully updated your profile.') : $core->msgAlert('<span>Alert!</span>Nothing to process.');
        } else
            print $core->msgStatus();
    }

          
    /**
     * User::register()
     * Public self-registration. Stores sha1() of both passwords and sends the
     * activation or welcome e-mail selected by the reg_verify / auto_verify settings.
     *
     * @return
     */
    public function register()
    {
        global $db, $core;

        if (empty($_POST['username']))
            $core->msgs['username'] = 'Please Enter Valid Username';

        if ($value = $this->usernameExists($_POST['username'])) {
            if ($value == 1)
                $core->msgs['username'] = 'Username Is Too Short (less Than 4 Characters Long).';
            if ($value == 2)
                $core->msgs['username'] = 'Invalid Characters Found In Username.';
            if ($value == 3)
                $core->msgs['username'] = 'Sorry, This Username Is Already Taken';
        }

        if (empty($_POST['fname']))
            $core->msgs['fname'] = 'Please Enter First Name';

        if (empty($_POST['lname']))
            $core->msgs['lname'] = 'Please Enter Last Name';

        if (empty($_POST['bioname']))
            $core->msgs['bioname'] = 'Please Enter Valid Bioname';

        if (empty($_POST['pass']))
            $core->msgs['pass'] = 'Please Enter Valid Password.';

        if (strlen($_POST['pass']) < 6)
            $core->msgs['pass'] = 'Password is too short (less than 6 characters long)';
        elseif (!preg_match("/^([0-9a-z])+$/i", ($_POST['pass'] = trim($_POST['pass']))))
            $core->msgs['pass'] = 'Password entered is not alphanumeric.';
        elseif ($_POST['pass'] != $_POST['pass2'])
            $core->msgs['pass'] = 'Your password did not match the confirmed password!.';

        if (empty($_POST['biopass']))
            $core->msgs['pass'] = 'Please Enter Valid Password.';

        if (empty($_POST['email']))
            $core->msgs['email'] = 'Please Enter Valid Email Address';

        if ($this->emailExists($_POST['email']))
            $core->msgs['email'] = 'Entered Email Address Is Already In Use.';

        if (!$this->isValidEmail($_POST['email']))
            $core->msgs['email'] = 'Entered Email Address Is Not Valid.';

        // The "captcha" is a fixed arithmetic question whose answer is the constant "9".
        if (empty($_POST['captcha']))
            $core->msgs['captcha'] = 'Please enter the total amount.';

        if ($_POST['captcha'] != "9")
            $core->msgs['captcha'] = 'Entered total amount is incorrect.';

        if (empty($core->msgs)) {

            $token = ($core->reg_verify == 1) ? $this->generateRandID() : 0;
            $pass = sanitize($_POST['pass']);

            // t = waiting for e-mail token, n = waiting for admin approval, y = active
            if ($core->reg_verify == 1) {
                $active = "t";
            } elseif ($core->auto_verify == 0) {
                $active = "n";
            } else {
                $active = "y";
            }

            $data = array(
                'username' => sanitize($_POST['username']),
                'password' => sha1($_POST['pass']),
                'bioname' => sanitize($_POST['bioname']),
                'biopass' => sha1($_POST['biopass']),
                'email' => sanitize($_POST['email']),
                'fname' => sanitize($_POST['fname']),
                'lname' => sanitize($_POST['lname']),
                'token' => $token,
                'active' => $active,
                'created' => "NOW()"
            );

            $db->insert($this->uTable, $data);

            require_once(BASEPATH . "lib/class_mailer.php");

            if ($core->reg_verify == 1) {
                $actlink = $core->site_url . "/activate.php";
                $row = $core->getRowById("email_templates", 1);

                $body = str_replace(
                    array('[NAME]', '[USERNAME]', '[PASSWORD]', '[TOKEN]', '[EMAIL]', '[URL]', '[LINK]', '[SITE_NAME]'),
                    array($data['fname'] . ' ' . $data['lname'], $data['username'], $_POST['pass'], $token, $data['email'], $core->site_url, $actlink, $core->site_name), $row['body']
                );

                $newbody = cleanOut($body);

                $mailer = $mail->sendMail();
                $message = Swift_Message::newInstance()
                    ->setSubject($row['subject'])
                    ->setTo(array($data['email'] => $data['username']))
                    ->setFrom(array($core->site_email => $core->site_name))
                    ->setBody($newbody, 'text/html');

                $mailer->send($message);

            } elseif ($core->auto_verify == 0) {
                $row = $core->getRowById("email_templates", 14);

                $body = str_replace(
                    array('[NAME]', '[USERNAME]', '[PASSWORD]', '[BIONAME]', '[BIOPASS]', '[URL]', '[SITE_NAME]'),
                    array($data['fname'] . ' ' . $data['lname'], $data['username'], $_POST['pass'], $_POST['bioname'], $_POST['biopass'], $core->site_url, $core->site_name), $row['body']
                );

                $newbody = cleanOut($body);

                $mailer = $mail->sendMail();
                $message = Swift_Message::newInstance()
                    ->setSubject($row['subject'])
                    ->setTo(array($data['email'] => $data['username']))
                    ->setFrom(array($core->site_email => $core->site_name))
                    ->setBody($newbody, 'text/html');

                $mailer->send($message);

            } else {
                $row = $core->getRowById("email_templates", 7);

                $body = str_replace(
                    array('[NAME]', '[USERNAME]', '[PASSWORD]', '[BIONAME]', '[BIOPASS]', '[URL]', '[SITE_NAME]'),
                    array($data['fname'] . ' ' . $data['lname'], $data['username'], $_POST['pass'], $_POST['bioname'], $_POST['biopass'], $core->site_url, $core->site_name), $row['body']
                );

                $newbody = cleanOut($body);

                $mailer = $mail->sendMail();
                $message = Swift_Message::newInstance()
                    ->setSubject($row['subject'])
                    ->setTo(array($data['email'] => $data['username']))
                    ->setFrom(array($core->site_email => $core->site_name))
                    ->setBody($newbody, 'text/html');

                $mailer->send($message);
            }

            // Admin notification; the plaintext biopass is included in this mail as well.
            if ($core->notify_admin) {
                $arow = $core->getRowById("email_templates", 13);

                $abody = str_replace(
                    array('[USERNAME]', '[EMAIL]', '[NAME]', '[BIONAME]', '[BIOPASS]', '[IP]'),
                    array($data['username'], $data['email'], $data['fname'] . ' ' . $data['lname'], $_POST['bioname'], $_POST['biopass'], $_SERVER['REMOTE_ADDR']), $arow['body']
                );

                $anewbody = cleanOut($abody);

                $amailer = $mail->sendMail();
                $amessage = Swift_Message::newInstance()
                    ->setSubject($arow['subject'])
                    ->setTo(array($core->site_email => $core->site_name))
                    ->setFrom(array($core->site_email => $core->site_name))
                    ->setBody($anewbody, 'text/html');

                $amailer->send($amessage);
            }

            ($db->affected() && $mailer) ? print "OK" : $core->msgError('<span>Error!</span>There was an error during registration process. Please contact the administrator...', false);
        } else
            print $core->msgStatus();
    }
          
          
    /**
     * User::passReset()
     * Replaces the account password with a random one and mails it out.
     * Note: the e-mail is only checked for existence, not matched to $uname,
     * so the two inputs are not tied together before the update runs.
     *
     * @return
     */
    public function passReset()
    {
        global $db, $core;

        if (empty($_POST['uname']))
            $core->msgs['uname'] = 'Please Enter Valid Username';

        // usernameExists() returns 3 when the name is already in the table
        $uname = $this->usernameExists($_POST['uname']);
        if (strlen($_POST['uname']) < 4 || strlen($_POST['uname']) > 30 || !preg_match("/^([0-9a-z])+$/i", $_POST['uname']) || $uname != 3)
            $core->msgs['uname'] = 'We are sorry, selected username does not exist in our database';

        if (empty($_POST['email']))
            $core->msgs['email'] = 'Please Enter Valid Email Address';

        if (!$this->emailExists($_POST['email']))
            $core->msgs['uname'] = 'Entered Email Address Does Not Exists.';

        if (empty($_POST['captcha']))
            $core->msgs['captcha'] = 'Please enter the total amount';

        if ($_POST['captcha'] != "10")
            $core->msgs['captcha'] = 'Entered total amount is incorrect';

        if (empty($core->msgs)) {

            $user = $this->getUserInfo($_POST['uname']);
            $randpass = $this->getUniqueCode(12);
            $newpass = sha1($randpass);

            $data['password'] = $newpass;

            $db->update($this->uTable, $data, "username = '" . $user['username'] . "'");

            require_once(BASEPATH . "lib/class_mailer.php");
            $row = $core->getRowById("email_templates", 2);

            $body = str_replace(
                array('[USERNAME]', '[PASSWORD]', '[URL]', '[LINK]', '[IP]', '[SITE_NAME]'),
                array($user['username'], $randpass, $core->site_url, $core->site_url, $_SERVER['REMOTE_ADDR'], $core->site_name), $row['body']
            );

            $newbody = cleanOut($body);

            $mailer = $mail->sendMail();
            $message = Swift_Message::newInstance()
                ->setSubject($row['subject'])
                ->setTo(array($user['email'] => $user['username']))
                ->setFrom(array($core->site_email => $core->site_name))
                ->setBody($newbody, 'text/html');

            ($db->affected() && $mailer->send($message)) ? $core->msgOk('<span>Success!</span>You have successfully changed your password. Please check your email for further info!', false) : $core->msgError('<span>Error!</span>There was an error during the process. Please contact the administrator.', false);

        } else
            print $core->msgStatus();
    }

    /**
     * User::activateUser()
     * Consumes the e-mail activation token: clears it and sets active
     * according to auto_verify.
     *
     * @return
     */
    public function activateUser()
    {
        global $db, $core;

        if (empty($_POST['email']))
            $core->msgs['email'] = 'Please Enter Valid Email Address';

        if (!$this->emailExists($_POST['email']))
            $core->msgs['email'] = 'Entered Email Address Does Not Exists.';

        if (empty($_POST['token']))
            $core->msgs['token'] = 'The token code is not valid';

        if (!$this->validateToken($_POST['token']))
            $core->msgs['token'] = 'This account has been already activated!';

        if (empty($core->msgs)) {
            $email = sanitize($_POST['email']);
            $token = sanitize($_POST['token']);
            $message = ($core->auto_verify == 1) ? '<span>Success!</span>You have successfully activated your account!' : '<span>Success!</span>Your account is now active. However you still need to wait for administrative approval.';

            $data = array(
                'token' => 0,
                'active' => ($core->auto_verify) ? "y" : "n"
            );

            $db->update($this->uTable, $data, "email = '" . $email . "' AND token = '" . $token . "'");
            ($db->affected()) ? $core->msgOk($message, false) : $core->msgError('<span>Error!</span>There was an error during the activation process. Please contact the administrator.', false);
        } else
            print $core->msgStatus();
    }

          
    /**
     * Users::getUserData()
     *
     * @return
     */
    public function getUserData()
    {
        global $db, $core;

        $sql = "SELECT *, DATE_FORMAT(created, '%a. %d, %M %Y') as cdate,"
             . "\n DATE_FORMAT(lastlogin, '%a. %d, %M %Y') as ldate"
             . "\n FROM " . $this->uTable
             . "\n WHERE id = '" . $this->uid . "'";
        $row = $db->first($sql);

        return ($row) ? $row : 0;
    }

    /**
     * Users::getUserMembership()
     *
     * @return
     */
    public function getUserMembership()
    {
        global $db, $core;

        $sql = "SELECT u.*, m.title,"
             . "\n DATE_FORMAT(u.mem_expire, '%d. %b. %Y.') as expiry"
             . "\n FROM " . $this->uTable . " as u"
             . "\n LEFT JOIN memberships as m ON m.id = u.membership_id"
             . "\n WHERE u.id = '" . $this->uid . "'";
        $row = $db->first($sql);

        return ($row) ? $row : 0;
    }

    /**
     * Users::calculateDays()
     * Converts a membership's days/period pair into an expiry timestamp.
     *
     * @return
     */
    public function calculateDays($membership_id)
    {
        global $db;

        $now = date('Y-m-d H:i:s');
        $row = $db->first("SELECT days, period FROM memberships WHERE id = '" . (int)$membership_id . "'");
        if ($row) {
            switch ($row['period']) {
                case "D":
                    $diff = $row['days'];
                    break;
                case "W":
                    $diff = $row['days'] * 7;
                    break;
                case "M":
                    $diff = $row['days'] * 30;
                    break;
                case "Y":
                    $diff = $row['days'] * 365;
                    break;
            }
            $expire = date("Y-m-d H:i:s", strtotime($now . " +" . $diff . " days"));
        } else {
            $expire = "0000-00-00 00:00:00";
        }
        return $expire;
    }

          
    /**
     * User::trialUsed()
     *
     * @return
     */
    public function trialUsed()
    {
        global $db;

        $sql = "SELECT trial_used"
             . "\n FROM " . $this->uTable
             . "\n WHERE id ='" . $this->uid . "'"
             . "\n LIMIT 1";
        $row = $db->first($sql);

        return ($row['trial_used'] == 1) ? true : false;
    }

    /**
     * Users::validateMembership()
     * Returns the row only while mem_expire is still in the future.
     *
     * @return
     */
    public function validateMembership()
    {
        global $db;

        $sql = "SELECT mem_expire"
             . "\n FROM " . $this->uTable
             . "\n WHERE id = '" . $this->uid . "'"
             . "\n AND TO_DAYS(mem_expire) > TO_DAYS(NOW())";
        $row = $db->first($sql);

        return ($row) ? $row : 0;
    }

    /**
     * Users::checkMembership()
     *
     * @param string $memids comma-separated list of allowed membership ids
     * @return
     */
    public function checkMembership($memids)
    {
        global $db;

        $m_arr = explode(",", $memids);
        reset($m_arr);

        if ($this->logged_in and $this->validateMembership() and in_array($this->membership_id, $m_arr)) {
            return true;
        } else
            return false;
    }
                                                    
          
    /**
     * Users::usernameExists()
     * Returns 1 (too short), 2 (non-alphanumeric), 3 (already taken) or false.
     *
     * @param mixed $username
     * @return
     */
    private function usernameExists($username)
    {
        global $db;

        $username = sanitize($username);
        if (strlen($db->escape($username)) < 4)
            return 1;

        $alpha_num = str_replace(" ", "", $username);
        if (!ctype_alnum($alpha_num))
            return 2;

        $sql = $db->query("SELECT username"
             . "\n FROM users"
             . "\n WHERE username = '" . $username . "'"
             . "\n LIMIT 1");

        $count = $db->numrows($sql);

        return ($count > 0) ? 3 : false;
    }

    /**
     * User::emailExists()
     *
     * @param mixed $email
     * @return
     */
    private function emailExists($email)
    {
        global $db;

        $sql = $db->query("SELECT email"
             . "\n FROM users"
             . "\n WHERE email = '" . sanitize($email) . "'"
             . "\n LIMIT 1");

        if ($db->numrows($sql) == 1) {
            return true;
        } else
            return false;
    }

    /**
     * User::isValidEmail()
     *
     * @param mixed $email
     * @return
     */
    private function isValidEmail($email)
    {
        if (function_exists('filter_var')) {
            if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
                return true;
            } else
                return false;
        } else
            return preg_match('/^[a-zA-Z0-9._+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}$/', $email);
    }

    /**
     * User::validateToken()
     * True when an unconsumed activation token with this value exists.
     *
     * @param mixed $token
     * @return
     */
    private function validateToken($token)
    {
        global $db;

        $token = sanitize($token, 40);
        $sql = "SELECT token"
             . "\n FROM " . $this->uTable
             . "\n WHERE token ='" . $db->escape($token) . "'"
             . "\n LIMIT 1";
        $result = $db->query($sql);

        if ($db->numrows($result))
            return true;
        return false;
    }
          
          
    /**
     * Users::getUniqueCode()
     * Random code used for reset passwords and activation tokens.
     * rand()/uniqid() are not cryptographically secure sources; random_bytes()
     * would be the stronger choice for anything that acts as a credential.
     *
     * @param string $length
     * @return
     */
    private function getUniqueCode($length = "")
    {
        $code = sha1(uniqid(rand(), true));
        if ($length != "") {
            return substr($code, 0, $length);
        } else
            return $code;
    }

    /**
     * Users::generateRandID()
     *
     * @return
     */
    private function generateRandID()
    {
        return sha1($this->getUniqueCode(24));
    }

    /**
     * Users::levelCheck()
     *
     * @param string $levels comma-separated list of allowed user levels
     * @return
     */
    public function levelCheck($levels)
    {
        global $db;

        $m_arr = explode(",", $levels);
        reset($m_arr);

        if ($this->logged_in and in_array($this->userlevel, $m_arr))
            return true;
    }

    /**
     * Users::getUserLevels()
     * Builds the <option> list for the user-level select box.
     *
     * @return
     */
    public function getUserLevels($level = false)
    {
        // The integer keys did not survive the forum paste: levels 2-7 follow
        // their labels; 1 for Registered User and 9 for Super Admin are assumed
        // and should be checked against the values stored in users.userlevel.
        $arr = array(
            9 => 'Super Admin',
            1 => 'Registered User',
            2 => 'User Level 2',
            3 => 'User Level 3',
            4 => 'User Level 4',
            5 => 'User Level 5',
            6 => 'User Level 6',
            7 => 'User Level 7'
        );

        $list = '';
        foreach ($arr as $key => $val) {
            if ($key == $level) {
                $list .= "<option selected=\"selected\" value=\"$key\">$val</option>\n";
            } else
                $list .= "<option value=\"$key\">$val</option>\n";
        }
        unset($val);
        return $list;
    }
                      
          
    /**
           * Users::getUserFilter()
           * 
           * @return
           */
          
    public function getUserFilter()
          {
              
    $arr = array(
                     
    'username-ASC' => 'Username &uarr;',
                     
    'username-DESC' => 'Username & &darr;',
                     
    'fname-ASC' => 'First Name &uarr;',
                     
    'fname-DESC' => 'First Name &darr;',
                     
    'lname-ASC' => 'Last Name &uarr;',
                     
    'lname-DESC' => 'Last Name &darr;',
                     
    'email-ASC' => 'Email Address &uarr;',
                     
    'email-DESC' => 'Email Address &darr;',
                     
    'created-ASC' => 'Registered &uarr;',
                     
    'created-DESC' => 'Registered &darr;',
              );
              
              
    $filter '';
              foreach (
    $arr as $key => $val) {
                      if (
    $key == get('sort')) {
                          
    $filter .= "<option selected=\"selected\" value=\"$key\">$val</option>\n";
                      } else
                          
    $filter .= "<option value=\"$key\">$val</option>\n";
              }
              unset(
    $val);
              return 
    $filter;
          }                          
      }
    ?> 
    Last edited by Kayz; 10-24-2011 at 02:43 PM.

  • #12
    Senior Coder Dormilich's Avatar
    Join Date
    Jan 2010
    Location
    Behind the Wall
    Posts
    3,335
    Thanks
    13
    Thanked 348 Times in 344 Posts
    The password in the insertion code is not passed through stripslashes()/mysql_real_escape_string(); that might be a reason.
    The computer is always right. The computer is always right. The computer is always right. Take it from someone who has programmed for over ten years: not once has the computational mechanism of the machine malfunctioned.
    André Behrens, NY Times Software Developer

  • #13
    New Coder
    Join Date
    Oct 2011
    Posts
    10
    Thanks
    0
    Thanked 1 Time in 1 Post
    Quote Originally Posted by Dormilich View Post
    The password in the insertion code is not passed through stripslashes()/mysql_real_escape_string(); that might be a reason.
    I've commented them out, still to no avail...

  • #14
    New Coder
    Join Date
    Oct 2011
    Posts
    10
    Thanks
    0
    Thanked 1 Time in 1 Post
    I was just about to upload all the files for you all to test until I realised what the problem was.

    Firstly I want to thank everybody for helping me, including you, Inigoesdr. I eventually got it to work!

    You won't imagine how much I hate myself right now. It took me 4 whole days to discover what the problem was.

    Because I modified the database to set a second set of sha1 passwords (which is what my script was trying to match), I set the varchar for the password field to 30 instead of 50!

    How easy, and at the same time how stupid of me, was that?

    Somebody kick me sideways!

    Thank you all.
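The failure mode Kayz describes above, as an added example that is not part of the thread's script: sha1() returns a 40-character hex string, so a VARCHAR(30) column keeps only the first 30 characters and the login comparison can never match. The helper names and the simulated storage are assumptions; nothing here talks to a real database.

```php
<?php
// Added example (not from the thread's script): why a VARCHAR(30) password
// column silently breaks sha1 logins, and a length check that catches it.

// Minimum column width needed to hold the full output of each scheme
// (sha1/sha256 as hex, bcrypt as produced by password_hash()).
const HASH_WIDTHS = array('sha1' => 40, 'sha256' => 64, 'bcrypt' => 60);

// Simulates what a too-narrow VARCHAR does under non-strict SQL modes:
// the value is stored truncated, without any error (a constructed stand-in
// for the database write in the thread).
function store_truncated($hash, $column_width)
{
    return substr($hash, 0, $column_width);
}

// Compares the stored value with the hash of what the user typed, in
// constant time. hash_equals() requires PHP 5.6+.
function login_matches($stored_hash, $typed_password)
{
    return hash_equals($stored_hash, sha1($typed_password));
}

// Refuse a schema whose column is narrower than the hash it must hold;
// run this once at install time rather than finding out four days later.
function column_fits($algo, $column_width)
{
    if (!isset(HASH_WIDTHS[$algo])) {
        throw new InvalidArgumentException("unknown hashing scheme: $algo");
    }
    return $column_width >= HASH_WIDTHS[$algo];
}

$password = 'correct horse';            // constructed sample value
$full     = sha1($password);            // 40 hex characters

var_dump(column_fits('sha1', 30));      // bool(false): the bug in the thread
var_dump(column_fits('sha1', 50));      // bool(true)

$row30 = store_truncated($full, 30);    // what VARCHAR(30) actually kept
$row50 = store_truncated($full, 50);    // VARCHAR(50) keeps all 40 characters
var_dump(login_matches($row30, $password)); // bool(false): every login fails
var_dump(login_matches($row50, $password)); // bool(true)
```

Running MySQL in STRICT_TRANS_TABLES mode turns the silent truncation into an insert error, which makes this class of mistake visible at registration time instead of at login.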

